
gkundu
Jul 27, 2018

SSL Encryption with Default server ssl profile

How does SSL encryption happen with the default server SSL profile? Why does the certificate need to be the same on the LTM and the pool members? Can the certificate on the client-ssl profile and on the pool members have the same hostname but different intermediate and root certificates?

 

3 Replies

  • How does SSL encryption happen with the default server ssl profile?

     

    This is a really big question; can you perhaps offer a slightly more focused question?

     

    Why does the certificate need to be the same on the LTM and the pool members?

     

    The certificate configured on an SSL-enabled virtual server (e.g. one with a clientssl profile) does not need to match the certificate configured on the pool members. It's common to have a commercially signed certificate on the VIP and self-signed certificates on the pool members.

     

    Can the certificate on the client-ssl profile and on the pool members have the same hostname but different intermediate and root certificates?

     

    I can't see any reason why not. The serverssl profile, which controls negotiation of SSL between the BIG-IP and the pool members, doesn't need a validated certificate on the pool member; it just needs any certificate in order to be able to negotiate a connection.

     


  • In simple layman's language, the client SSL profile encrypts the traffic from the end user to the virtual server on the F5, and the server SSL profile encrypts the traffic from the F5 to the servers.
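The two legs described in the replies above, expressed as tmsh configuration. This is an added example, not configuration from the thread or from F5 documentation. It shows the point the first reply makes about the built-in serverssl profile (it accepts any certificate from the pool member because it ships with peer-cert-mode ignore, so the BIG-IP-to-server leg is encrypted but the pool member is not authenticated) next to a serverssl profile that does validate the pool member. All object names, hostnames and file names (vs_www_example, www.example.com.crt, pool_ca_bundle.crt, app.internal.example, and so on) are placeholders chosen for the example.

```tmsh
# Added example (not from this thread or from F5): both SSL legs of a virtual server.
# All names below are placeholders.

# Leg 1: end user -> virtual server. The clientssl profile presents the commercially
# signed certificate, its key and the intermediate chain (file names assumed to be
# already imported into the BIG-IP certificate store).
create ltm profile client-ssl clientssl_www_example defaults-from clientssl \
    cert-key-chain add { www_example { cert www.example.com.crt key www.example.com.key chain intermediate_ca.crt } }

# Leg 2: BIG-IP -> pool members. The built-in serverssl profile has peer-cert-mode
# ignore, which is why "any certificate" on the pool member is enough to negotiate:
list ltm profile server-ssl serverssl peer-cert-mode

# A serverssl profile that authenticates the pool member instead of only encrypting
# to it: require a peer certificate, validate it against the CA bundle that signed the
# back-end certificates (pool_ca_bundle.crt, assumed imported), drop the connection on
# untrusted or expired certificates, and check the certificate name against the name
# the pool members are expected to present. server-name sets the SNI sent to the pool member.
create ltm profile server-ssl serverssl_verify_pool defaults-from serverssl \
    peer-cert-mode require \
    ca-file pool_ca_bundle.crt \
    authenticate-depth 9 \
    authenticate-name app.internal.example \
    untrusted-cert-response-control drop \
    expire-cert-response-control drop \
    server-name app.internal.example

# Attach the client-side and server-side profiles to the virtual server.
modify ltm virtual vs_www_example profiles add { clientssl_www_example { context clientside } serverssl_verify_pool { context serverside } }

# Confirm the settings took effect, then persist them.
list ltm profile server-ssl serverssl_verify_pool
save sys config
```

With self-signed certificates on the pool members, as the first reply describes, validation still works if those self-signed certificates themselves are placed in the bundle referenced by ca-file (a self-signed certificate is its own issuer), and authenticate-name must then match the name in each pool member's certificate. Check the result with a pool member whose certificate is deliberately not in the bundle: with the default serverssl profile the connection succeeds, with serverssl_verify_pool it is dropped, which is the difference between encrypting the server-side leg and authenticating it.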